System:
OS: macOS 12.3.1
CPU: (8) arm64 Apple M1
Memory: 114.89 MB / 16.00 GB
Shell: 5.8 - /bin/zsh
Binaries:
Node: 16.15.0 - /usr/local/bin/node
Yarn: Not Found
npm: 8.3.2 - ./node_modules/.bin/npm
Watchman: Not Found
Managers:
CocoaPods: 1.11.3 - /usr/local/bin/pod
SDKs:
iOS SDK:
Platforms: DriverKit 21.4, iOS 15.5, macOS 12.3, tvOS 15.4, watchOS 8.5
Android SDK: Not Found
IDEs:
Android Studio: 2021.2 AI-212.5712.43.2112.8609683
Xcode: 13.4/13F17a - /usr/bin/xcodebuild
Languages:
Java: 14.0.2 - /usr/bin/javac
npmPackages:
@react-native-community/cli: Not Found
react: 17.0.2 => 17.0.2
react-native: 0.68.0 => 0.68.0
react-native-macos: Not Found
npmGlobalPackages:
react-native: Not Found
Platforms
Is this issue related to Android, iOS, or both ? Android only
Versions
Please add the used versions/branches
Android: Target is 31
react-native-geolocation-service: 5.3.0-beta.4
react-native: 0.68.0
react: 17.0.2
Description
Thanks for the great library, as part of publish the app in store, we have scan the APK with veracode and found below issue, It will be great if these security issues also addressed.
FusedLocationProvider.java
Line no: 223
Description: Standard random number generators do not provide a sufficient amount of entropy when used for security purposes. Attackers can brute force the output of pseudorandom number generators such as rand().
Remediation: If this random number is used where security is a concern, such as generating a session key or session identifier, use a trusted cryptographic random number generator instead. These can be found on the Windows platform in the CryptoAPI or in an open source library such as OpenSSL. In Java, use the SecureRandom object to ensure sufficient entropy.
Reproducible Demo
Provide a detailed list of steps that reproduce the issue.
Environment
System: OS: macOS 12.3.1 CPU: (8) arm64 Apple M1 Memory: 114.89 MB / 16.00 GB Shell: 5.8 - /bin/zsh Binaries: Node: 16.15.0 - /usr/local/bin/node Yarn: Not Found npm: 8.3.2 - ./node_modules/.bin/npm Watchman: Not Found Managers: CocoaPods: 1.11.3 - /usr/local/bin/pod SDKs: iOS SDK: Platforms: DriverKit 21.4, iOS 15.5, macOS 12.3, tvOS 15.4, watchOS 8.5 Android SDK: Not Found IDEs: Android Studio: 2021.2 AI-212.5712.43.2112.8609683 Xcode: 13.4/13F17a - /usr/bin/xcodebuild Languages: Java: 14.0.2 - /usr/bin/javac npmPackages: @react-native-community/cli: Not Found react: 17.0.2 => 17.0.2 react-native: 0.68.0 => 0.68.0 react-native-macos: Not Found npmGlobalPackages: react-native: Not Found
Platforms
Is this issue related to Android, iOS, or both ? Android only
Versions
Please add the used versions/branches
Description
Thanks for the great library, as part of publish the app in store, we have scan the APK with veracode and found below issue, It will be great if these security issues also addressed.
FusedLocationProvider.java
Line no: 223
Reproducible Demo
Provide a detailed list of steps that reproduce the issue.
Expected Results
Reported issues should not appear in the veracode